I am using OpenLDAP 2.4.7 on an Ubuntu 8.04 server.
I have in my tree a user whose "userPassword" attribute is "{CLEARTEXT}testpass".
This command works:

$ ldapwhoami -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br

But I don't know why this one doesn't work...

$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
ldap_bind: Invalid credentials (49)

The command above works only after removing the "{CLEARTEXT}" string before the real password:

$ ldapmodify -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn: uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
changetype: modify
replace: userPassword
userPassword: testpass
modifying entry "uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br"

$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br

My doubt is: if a user has his password set to "{CLEARTEXT}<real password>", he should be able to authenticate either with simple authentication or with SASL, shouldn't he?